{# SPDX-FileCopyrightText: 2024 MDAD Team and contributors SPDX-License-Identifier: AGPL-3.0-or-later #} #jinja2: lstrip_blocks: "True" # This is a custom nginx configuration file that we use in the container (instead of the default one), # because it allows us to run nginx with a non-root user. # # For this to work, the default vhost file (`/etc/nginx/conf.d/default.conf`) also needs to be removed. # (mounting `/dev/null` over `/etc/nginx/conf.d/default.conf` works well) # # The following changes have been done compared to a default nginx configuration file: # - default server port is changed (80 -> 8080), so that a non-root user can bind it # - various temp paths are changed to `/tmp`, so that a non-root user can write to them # - the `user` directive was removed, as we don't want nginx to switch users worker_processes 1; error_log /var/log/nginx/error.log warn; pid /tmp/nginx.pid; events { worker_connections 1024; } http { proxy_temp_path /tmp/proxy_temp; client_body_temp_path /tmp/client_temp; fastcgi_temp_path /tmp/fastcgi_temp; uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; server { listen 8080; server_name localhost; root /usr/share/nginx/html; location / { index index.html index.htm; } location ~* ^/(config(.+)?\.json$|(.+)\.html$|i18n) { expires -1; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } } }